From 3a339695a86be23219b03f59e24d6f5afd538b2b Mon Sep 17 00:00:00 2001 From: Christian Kotte Date: Tue, 13 Nov 2018 13:49:40 +0100 Subject: [PATCH] VMware: Improve module vmware_local_user_facts (#47868) * add check mode support * add assigned role to the output * change output to match vmware_local_user_manager output * change principal to user_name * change full_name to user_description --- .../cloud/vmware/vmware_local_user_facts.py | 107 ++++++++++++++---- 1 file changed, 86 insertions(+), 21 deletions(-) diff --git a/lib/ansible/modules/cloud/vmware/vmware_local_user_facts.py b/lib/ansible/modules/cloud/vmware/vmware_local_user_facts.py index cddfda854d..409caf5220 100644 --- a/lib/ansible/modules/cloud/vmware/vmware_local_user_facts.py +++ b/lib/ansible/modules/cloud/vmware/vmware_local_user_facts.py @@ -1,6 +1,7 @@ #!/usr/bin/python # -*- coding: utf-8 -*- # Copyright: (c) 2018, Abhijeet Kasurde +# Copyright: (c) 2018, Christian Kotte # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) from __future__ import absolute_import, division, print_function @@ -24,9 +25,11 @@ description: - User must hold the 'Authorization.ModifyPermissions' privilege to invoke this module. version_added: "2.6" author: -- Abhijeet Kasurde (@Akasurde) +- Abhijeet Kasurde (@Akasurde) +- Christian Kotte (@ckotte) notes: - Tested on ESXi 6.5 + - The C(full_name), C(principal), and C(user_group) properties are deprecated starting from Ansible v2.12 requirements: - "python >= 2.6" - PyVmomi @@ -50,56 +53,118 @@ local_user_facts: type: dict sample: [ { + "role": "admin", + "description": "Administrator", "full_name": "Administrator", - "principal": "root", + "group": false, "user_group": false, "user_id": 0, - "user_shell_access": true + "user_name": "root", + "principal": "root", + "shell_access": true }, { + "role": "admin", + "description": "DCUI User", "full_name": "DCUI User", - "principal": "dcui", + "group": false, "user_group": false, "user_id": 100, - "user_shell_access": false + "user_name": "dcui", + "principal": "dcui", + "shell_access": false }, ] ''' +try: + from pyVmomi import vmodl +except ImportError: + pass + from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.vmware import PyVmomi, vmware_argument_spec +from ansible.module_utils._text import to_native class VMwareUserFactsManager(PyVmomi): + """Class to manage local user facts""" def __init__(self, module): super(VMwareUserFactsManager, self).__init__(module) if self.is_vcenter(): - self.module.fail_json(msg="Failed to get local authorization manager settings.", - details="It seems that %s is a vCenter server " - "instead of an ESXi server." % self.params['hostname']) + self.module.fail_json( + msg="Failed to get local account manager settings.", + details="It seems that '%s' is a vCenter server instead of an ESXi server" % self.module.params['hostname'] + ) def gather_user_facts(self): - """ - Function to gather facts about local users - - """ + """Gather facts about local users""" results = dict(changed=False, local_user_facts=[]) - user_account = self.content.userDirectory.RetrieveUserGroups(None, '', None, None, False, True, False) - if user_account: - for user in user_account: - temp_user = dict(principal=user.principal, - full_name=user.fullName, - user_group=user.group, - user_id=user.id, - user_shell_access=user.shellAccess) + search_string = '' + exact_match = False + find_users = True + find_groups = False + user_accounts = self.content.userDirectory.RetrieveUserGroups( + None, search_string, None, None, exact_match, find_users, find_groups + ) + if user_accounts: + for user in user_accounts: + temp_user = dict() + # NOTE: the properties full_name, principal, and user_group are deprecated starting from Ansible v2.12 + temp_user['full_name'] = user.fullName + temp_user['principal'] = user.principal + temp_user['user_group'] = user.group + temp_user['user_name'] = user.principal + temp_user['description'] = user.fullName + temp_user['group'] = user.group + temp_user['user_id'] = user.id + temp_user['shell_access'] = user.shellAccess + temp_user['role'] = None + try: + permissions = self.content.authorizationManager.RetrieveEntityPermissions( + entity=self.content.rootFolder, + inherited=False + ) + except vmodl.fault.ManagedObjectNotFound as not_found: + self.module.fail_json( + msg="The entity doesn't exist" % to_native(not_found) + ) + for permission in permissions: + if permission.principal == user.principal: + temp_user['role'] = self.get_role_name(permission.roleId, self.content.authorizationManager.roleList) + break + results['local_user_facts'].append(temp_user) self.module.exit_json(**results) + @staticmethod + def get_role_name(role_id, role_list): + """Get role name from role ID""" + role_name = None + # Default role: No access + if role_id == -5: + role_name = 'no-access' + # Default role: Read-only + elif role_id == -2: + role_name = 'read-only' + # Default role: Administrator + elif role_id == -1: + role_name = 'admin' + # Custom roles + else: + for role in role_list: + if role.roleId == role_id: + role_name = role.name + break + return role_name + def main(): + """Main""" argument_spec = vmware_argument_spec() - module = AnsibleModule(argument_spec=argument_spec) + module = AnsibleModule(argument_spec=argument_spec, + supports_check_mode=True) vmware_local_user_facts = VMwareUserFactsManager(module) vmware_local_user_facts.gather_user_facts()